Hi Mike On 11/17/2016 06:50 AM, Michael StJohns wrote: > > There is no case (absent hardware mitigation) in which a symmetric group > key solution can be made secure/safe and no one has made an offer of > proof that they can make it secure. I've asked repeatedly - no one > has come forward with more than "oh we can lock the symmetric key stuff > in a corner and make sure it isn't used for anything important".
Security is not a black and white thing. What has been clear is that any solution that was proposed for symmetric keys did not meet your expectation. > > > Given the recent attacks on the internet by IOT botnets, there is a > further consideration that should be undertaken - whether the symmetric > group key solution applied to 10s of 1000s of IOT devices is an active > threat to the rest of the internet (e.g. enabling DDOS, cyber physical > issues, etc)? The recent attack was made possible because all devices were provisioned with the same password, which was publically known. What we are proposing here is a key distribution protocol where * each device is provisioned with unique keys (symmetric or asymmetric keys), * uses those keys to authenticated to the trusted third party (the KDC), and * then gets provisioned with temporary shared secrets for used with group communication (whereby non-persistent symmetric keys are used for different groups, keys change over time and where there is an authorization step before you can join a group). > > The multiparty (group) symmetric key solution is only wanted for a > single corner of the solution space - low latency, no cost systems. > E.g. lightbulbs. Given there is a worked example of the insecurity of > multiparty symmetric key systems (e.g. the attack on the symmetric > signing key of the HUE lights), I'm unclear why anyone at all would > think that pursuing a known bad solution in the IETF is a good idea. While the lighting sector is only one part of the IoT industry I think it is OK to standardize a solution for one industry that consists of different vendors. The hack against the HUE lightbulbs you are referring to was also different. The issue there was that the entire product series was using the same shared secret provisioned during manufacturing. What we are doing, however, is to utilize a key distribution protocol to dynamically create shared secrets. So, each device has unique keys to authenticate to the KDC and then gets group keys dynamically provisioned. Note that the security difference here is huge. I know that you are aware of the differences between the attacks and what we do in the ACE working group. Hence I am a bit disappointed that you are trying to make others in the group, who are less knowledgeable in security, believe that these attacks are actually related. Ciao Hannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
